Reauthenticating an NT 4.0 BDC
Posted on 2002-04-19
I am currently managing a few fairly small military networks. On one of my networks, I have an NT 4.0 domain set up with one PDC and one BDC. The domain controllers had some issues and were seperated briefly. The problem now is that the PDC does not trust the BDC. Directory replication still occurs from the PDC and one can add / change users, etc on the PDC. However, it is not possible to add users from the BDC. It generates the error "There is no user session key for the specified logon session". Also, errors 3210 and 7023 are present in the event log.
This problem and resolution is described in Technet Article Q153719 "How to Re-Sync PDC/BDC Trust After Event IDs 3210 and 7023". Basically, the password-protected channel has been broken and the account associated with the BDC's computer name (BDC$) is lo longer listed with the PDC. However, the suggested resolution of renaming the computer name (even temporarily) is not feasible as the system is also an Exchange 5.5 server.
Does anyone have any suggestions regarding how one might readd the computer name to the PDC (possibly a third party tool) so that we will not require a full rebuild of the NT Server and Exchange? Any ideas would be greatly appreciated.